[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Revised Pre-Shared and Public Key Sig modes??

To: ipsec@tis.com
Subject: Revised Pre-Shared and Public Key Sig modes??
From: Matt Thomas <matt@ljo.dec.com>
Date: Fri, 06 Mar 1998 15:19:27 -0500
Sender: owner-ipsec@ex.tis.com


The Main Mode exchanges for Pre-Shared keys (HASH_x) or Public Key 
Signatures (SIG_x) are:

   Initiator                            Responder

   HDR, SA                         -->
                                  <--   HDR, SA
   HDR, KE, Ni                     -->
                                  <--   HDR, KE, Nr
   HDR*, IDii, [HASH_I | SIG_I]    -->
                                  <--   HDR*, IDir, [HASH_R | SIG_R]

Is there any reason why 1/2 a round trip could be not eliminated by 
having  Revised versions of these modes such that):

   HDR, SA                         -->
                                  <--   HDR, SA, KE, Nr
   HDR, KE, Ni                     -->
                                  <--   HDR*, IDir, [HASH_R | SIG_R]
   HDR*, IDii, [HASH_I | SIG_I]    -->

Since the responder has selected a single proposal, he knows what 
Diffie-Hellman group is being used so he can generate the correct 
Diffie-Hellman payload and it does cut out 1/2 a round trip.

I'll write up a draft add these as new authentication methods
unless someone convinces me this would be a bad idea.
-- 
Matt Thomas                    Internet:   matt@ljo.dec.com
AltaVista Internet Software    WWW URL:    <coming eventually>
Digital Equipment Corporation  Disclaimer: This message reflects my own
Littleton, MA                              warped views, etc.

Follow-Ups:

Re: Revised Pre-Shared and Public Key Sig modes??

From: Lewis McCarthy <lmccarth@cs.umass.edu>

Prev by Date: Re: Vendor ID Paylod
Next by Date: Re: Question about SAs and draft-ietf-ipsec-isakmp-oakley-06
Prev by thread: Re: Vendor ID Paylod
Next by thread: Re: Revised Pre-Shared and Public Key Sig modes??
Index(es):
- Main
- Thread